Cisco Registered Envelope Service CVE-2017-3889 Open Redirection Vulnerability

Cisco Registered Envelope Service is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can leverage this issue to conduct phishing attacks; other attacks are possible.

This issue is being tracked by Cisco Bug ID CSCvc60123.

Information

Bugtraq ID: 97433
Class: Input Validation Error
CVE: CVE-2017-3889

Remote: Yes
Local: No
Published: Apr 05 2017 12:00AM
Credit: Jim Guma
Vulnerable: Cisco Registered Envelope Service 5.1.0-015

Not Vulnerable:

Exploit

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

References:

Cisco Homepage (Cisco )
Cisco Registered Envelope Service Open Redirect Vulnerability (Cisco)

Source: www.securityfocus.com

Exploit Collector

Search Exploit